From db440b3ba6b848010cf2a1fe9f76db394ce860da Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Aug 07 2013 22:38:31 +0000 Subject: NSS: Clear cached netgroups if a request comes in from the sss_cache In order for sss_cache to work correctly, we must also signal the nss responder to invalidate the hash table requests. https://fedorahosted.org/sssd/ticket/1759
---
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 8882e4d..67811ac 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -1347,6 +1347,7 @@ static void monitor_hup(struct tevent_context *ev,
 service_signal_rotate(cur_svc);
 if (!strcmp(NSS_SBUS_SERVICE_NAME, cur_svc->name)) {
 service_signal_clear_memcache(cur_svc);
+ service_signal_clear_enum_cache(cur_svc);
 }
 if (!strcmp(SSS_AUTOFS_SBUS_SERVICE_NAME, cur_svc->name)) {
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index 7bc49e3..253756d 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -56,12 +56,15 @@
 static int nss_clear_memcache(DBusMessage *message,
 struct sbus_connection *conn);
+static int nss_clear_netgroup_hash_table(DBusMessage *message,
+ struct sbus_connection *conn);
 struct sbus_method monitor_nss_methods[] = {
 { MON_CLI_METHOD_PING, monitor_common_pong },
 { MON_CLI_METHOD_RES_INIT, monitor_common_res_init },
 { MON_CLI_METHOD_ROTATE, responder_logrotate },
 { MON_CLI_METHOD_CLEAR_MEMCACHE, nss_clear_memcache},
+ { MON_CLI_METHOD_CLEAR_ENUM_CACHE, nss_clear_netgroup_hash_table},
 { NULL, NULL }
 };
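Review bot: The new entry in `monitor_nss_methods[]` binds `MON_CLI_METHOD_CLEAR_ENUM_CACHE` to `nss_clear_netgroup_hash_table`, so a method named after the enumeration cache ends up orphaning netgroups only, and nothing at the entry explains the reuse. A one-line comment above it would do, e.g. `/* sss_cache invalidation: the enum-cache signal also drops the in-memory netgroup table */`. The definition of the method constant is not part of this patch, so what else listens for it cannot be checked from here.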
@@ -132,6 +135,24 @@ done:
 return monitor_common_pong(message, conn);
 }
+static int nss_clear_netgroup_hash_table(DBusMessage *message,
+ struct sbus_connection *conn)
+{
+ errno_t ret;
+ struct resp_ctx *rctx = talloc_get_type(sbus_conn_get_private_data(conn),
+ struct resp_ctx);
+ struct nss_ctx *nctx = (struct nss_ctx*) rctx->pvt_ctx;
+
+ ret = nss_orphan_netgroups(nctx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Could not invalidate netgroups\n"));
+ return ret;
+ }
+
+ return monitor_common_pong(message, conn);
+}
+
 static errno_t nss_get_etc_shells(TALLOC_CTX *mem_ctx, char ***_shells)
 {
 int i = 0;
diff --git a/src/responder/nss/nsssrv_netgroup.c b/src/responder/nss/nsssrv_netgroup.c
index e1d3a05..a1c4196 100644
--- a/src/responder/nss/nsssrv_netgroup.c
+++ b/src/responder/nss/nsssrv_netgroup.c
@@ -1031,3 +1031,33 @@ netgroup_hash_delete_cb(hash_entry_t *item,
 * table */
 netgr->lookup_table = NULL;
 }
+
+errno_t nss_orphan_netgroups(struct nss_ctx *nctx)
+{
+ int hret;
+ unsigned long mcount;
+ unsigned long i;
+ hash_key_t *netgroups;
+
+ if (!nctx || !nctx->netgroups) {
+ return EINVAL;
+ }
+
+ hret = hash_keys(nctx->netgroups, &mcount, &netgroups);
+ if (hret != HASH_SUCCESS) {
+ return EIO;
+ }
+
+ DEBUG(SSSDBG_TRACE_FUNC, ("Removing netgroups from memory cache.\n"));
+
+ for (i = 0; i < mcount; i++) {
+ /* netgroup entry will be deleted by setnetgrent_result_timeout */
+ hret = hash_delete(nctx->netgroups, &netgroups[i]);
+ if (hret != HASH_SUCCESS) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Could not delete key from hash\n"));
+ continue;
+ }
+ }
+
+ return EOK;
+}
diff --git a/src/responder/nss/nsssrv_netgroup.h b/src/responder/nss/nsssrv_netgroup.h
index a909abe..ddeb35d 100644
--- a/src/responder/nss/nsssrv_netgroup.h
+++ b/src/responder/nss/nsssrv_netgroup.h
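Review bot: In `nss_clear_netgroup_hash_table()` in nsssrv.c, `rctx` is dereferenced in the initialiser of `nctx` without a check, although `talloc_get_type()` returns NULL when the connection's private data is not a `struct resp_ctx`. Splitting the initialiser and adding `if (rctx == NULL) return EINVAL;` before `rctx->pvt_ctx` is read would turn a wrong or missing private pointer into an error instead of a responder crash. The plain cast `(struct nss_ctx*) rctx->pvt_ctx` also skips the talloc type check that the line above it applies. On the failure path the handler returns `ret` without calling `monitor_common_pong()`; how the sbus dispatcher answers the monitor after a non-EOK return is outside the hunk and should be confirmed.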
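Review bot: In `nss_orphan_netgroups()` in nsssrv_netgroup.c, the key array that `hash_keys()` returns in `netgroups` is never released; as far as I know dhash allocates that array for the caller, so each invalidation request would leave one array behind for as long as the table's allocator context lives. Release it after the loop with the deallocator that matches how `nctx->netgroups` was created, which is not visible in this patch. Separately, a failed `hash_delete()` is only logged at `SSSDBG_MINOR_FAILURE` and the function still returns `EOK`, so the caller cannot tell that stale netgroup entries survived an explicit invalidation; the trailing `continue;` is redundant. A short comment above the function stating the return values (`EINVAL`, `EIO`, `EOK`) would also help.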
@@ -33,4 +33,7 @@ int nss_cmd_endnetgrent(struct cli_ctx *cctx);
 void netgroup_hash_delete_cb(hash_entry_t *item,
 hash_destroy_enum deltype,
 void *pvt);
+
+errno_t nss_orphan_netgroups(struct nss_ctx *nctx);
+
 #endif /* NSSRV_NETGROUP_H_ */